- Asia Pacific accounts for the majority of compromised logins for sale
- More employees are using ChatGPT for work, this can expose confidential company info
- Users should leverage 2FA to secure their ChatGPT accounts, update passwords
Over 100,000 ChatGPT login credentials were leaked and traded on the dark web from June 2022 to May 2023 according to Group IB, a Singaporean cybersecurity firm, Cointelegraph reported. The cybersecurity experts found the login details in the logs of malware stealing information.
The peak was in May 2023. That month, almost 30,000 ChatGPT-related credentials became available on black markets online.
Most compromised logins for sale in Asia Pacific, MEA
The Asia-Pacific region accounted for the majority of compromised logins for sale during the time period indicated above. The credentials leaked there were around 40,000. Of that number, Indian login details took the top position overall, with more than 12,500 credentials leaked.
Egypt had the most leaks in the MEA region – around 4,600. The US and France both had around 3,000 leaks. This gives the two countries the sixth spot. France takes the top spot in Europe, followed by Spain, Germany, Italy, and Poland.
Risk of attacks against companies and employees
According to Group IB, more and more employees are using ChatGPT for work. The cybersecurity firm warned this could expose confidential company information because chat history and user queries are stored by default. Then, malicious entities can exploit the information and attack companies or individual staff members.
Sensitive corporate information can be used by competitors for industrial espionage. Personal data can be leveraged for blackmail, extortion, or harassment.
If customer data is compromised, trust in the company is eroded, leading to loss of customers and a damaged brand image.
The solution: 2FA and new passwords
Group IB encourages users to use 2FA to secure their ChatGPT accounts and regularly update passwords.
Users can create ChatGPT accounts directly through OpenAI, the company behind the popular AI bot. They can also use their Apple, Google, or Microsoft accounts to login.